keysigning ?= UIDsigning

Chad Miller cmiller at surfsouth.com
Wed Jun 28 21:46:27 CEST 2000


On Wed, Jun 28, 2000 at 07:34:24PM -0400, Billy Donahue wrote:
> You accumulate signatures on your UID+key, not the key itself.
> A signature asserts a relation of a UID to the key.


...but a fingerprint or keyid doesn't assert UID at all.  So, when you're 
at a keysigning party, you should demand the UID as well?

Hmmm.  I think I agree with this, but I suggest a change to the docs to 
add as the primary UID only information that should never change, and add
UIDs later to contain email addresses and other ephemeral info after it.

It'd be a shame to get plenty of signatures on a single-UID key and have
your ISP go tits-up.  

						- chad

--
Chad Miller <cmiller at surfsouth.com>   URL: http://web.chad.org/   (GPG)
"Any technology distinguishable from magic is insufficiently advanced".
First corollary to Clarke's Third Law (Jargon File, v4.2.0, 'magic')
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 240 bytes
Desc: not available
Url : /pipermail/attachments/20000628/b9ca1d77/attachment.bin


More information about the Gnupg-devel mailing list